PT-2024-23284 · Unknown · Contest Gallery

Name of the Vulnerable Software and Affected Versions: Contest Gallery versions prior to 21.3.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential unauthorized access or...

The vulnerability of the “Add News” function in the phpMyFAQ web application allows a hacker to gain unauthorized access to the application.

The vulnerability of the “Add News” function in the phpMyFAQ web application is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the application...

PT-2024-22891 · Unknown · Campcodes Online Examination System

Name of the Vulnerable Software and Affected Versions: Campcodes Online Examination System version 1.0 Description: A critical issue has been found in the code of the file "/adminpanel/admin/query/deleteExamExe.php". The manipulation of the id argument leads to SQL injection. The attack can be...

The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures, allowing attackers to execute arbitrary SQL queries against the database.

The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...

PHP Task Management System 安全漏洞

SourceCodester Task Management System is a task management system. A security vulnerability exists in PHP Task Management System version 1.0 that stems from vulnerability to SQL injection attacks via update-employee.php...

CVE-2024-2776

A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2024-2774

A vulnerability classified as critical was found in Campcodes Online Marriage Registration System 1.0. This vulnerability affects unknown code of the file /user/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has be...

Delta Electronics DIAEnergie SQL注入漏洞

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...

Delta Electronics DIAEnergie SQL注入漏洞

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...

CVE-2024-2675

A vulnerability, which was classified as critical, has been found in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /admin/company/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The explo...

CVE-2024-2669

A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/employee/controller.php of the component GET Parameter Handler. The manipulation of the argument EMPLOYEEID leads to sql injection. The...

Netentsec NS-ASG Application Security Gateway SQL Injection Vulnerability

Netentsec NS-ASG Application Security Gateway is an application security gateway from China Netentsec. A SQL injection vulnerability exists in Netentsec NS-ASG Application Security Gateway version 6.3, which originates from an SQL injection vulnerability in the messagecontent parameter of file...

Campcodes Complete Online DJ Booking System SQL注入漏洞

Campcodes Complete Online DJ Booking System is an online DJ booking system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes Complete Online DJ Booking System, which stems from an SQL injection vulnerability in the fromdate parameter of the...

The vulnerability of the WDAC OLE DB driver for SQL Server on the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the WDAC OLE DB driver for SQL Server on the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

Artica Pandora FMS SQL Injection Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. An SQL injection vulnerability exists in Artica Pandora FMS versions 700 through 776, which arises from an improper...

Artica Pandora FMS SQL Injection Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. An SQL injection vulnerability exists in Artica Pandora FMS versions 700 through 776, which arises from an improper...

AMSS++ SQL Injection Vulnerability

AMSS++ is a tool for office management support systems from Amssplus. An SQL injection vulnerability exists in AMSS++ version 4.31, which stems from an SQL injection vulnerability in multiple parameters of the /amssplus/modules/book/main/bookdetailkhetperson.php page...

AMSS++ SQL Injection Vulnerability

AMSS++ is a tool for the office administration support system of Amssplus. An SQL injection vulnerability exists in AMSS++ version 4.31, which originates from an SQL injection vulnerability in the username parameter of the /amssplus/index.php page...

CVE-2024-2554

A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched...